From 3e0ac693ae3726e35d8005283c541f3938cef73f Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Thu, 5 Oct 2023 19:51:40 +0200 Subject: [PATCH] Add init-sql --- README.md | 4 +- diracx/templates/_helpers.tpl | 20 ++++++ diracx/templates/deployment.yaml | 20 ------ diracx/templates/init-sql/_init-sql.sh.tpl | 5 ++ diracx/templates/init-sql/configmap.yaml | 15 ++++ diracx/templates/init-sql/job.yaml | 82 ++++++++++++++++++++++ diracx/templates/secrets.yaml | 4 +- diracx/values.yaml | 8 +-- 8 files changed, 130 insertions(+), 28 deletions(-) create mode 100644 diracx/templates/init-sql/_init-sql.sh.tpl create mode 100644 diracx/templates/init-sql/configmap.yaml create mode 100644 diracx/templates/init-sql/job.yaml diff --git a/README.md b/README.md index f5f6778..993106f 100644 --- a/README.md +++ b/README.md @@ -97,8 +97,6 @@ TODO | dex.service.ports.http.port | int | `8000` | | | dex.service.type | string | `"NodePort"` | | | diracx.manageOSIndices | bool | `true` | | -| diracx.manageSQLSchema.enabled | bool | `true` | | -| diracx.manageSQLSchema.env | object | `{}` | | | diracx.modulesToInstall | list | `[]` | | | diracx.mysqlDatabases[0] | string | `"AuthDB"` | | | diracx.mysqlDatabases[1] | string | `"JobDB"` | | @@ -121,6 +119,8 @@ TODO | init-secrets.serviceAccount.create | bool | `true` | | | init-secrets.serviceAccount.enabled | bool | `true` | | | init-secrets.serviceAccount.name | string | `nil` | | +| init-sql.enabled | bool | `true` | | +| init-sql.env | object | `{}` | | | minio.consoleIngress.enabled | bool | `false` | | | minio.consoleService.type | string | `"NodePort"` | | | minio.enabled | bool | `true` | | diff --git a/diracx/templates/_helpers.tpl b/diracx/templates/_helpers.tpl index c568f31..cba7b68 100644 --- a/diracx/templates/_helpers.tpl +++ b/diracx/templates/_helpers.tpl @@ -120,3 +120,23 @@ Create the name of the service account to use for init-secrets job {{ coalesce $initSecretsValues.serviceAccount.name .Values.global.serviceAccount.name "default" }} {{- end -}} {{- end -}} + +{{/* +Return the fullname template for the init-sql job. +*/}} +{{- define "init-sql.fullname" -}} +{{- printf "%s-init-sql" .Release.Name -}} +{{- end -}} + +{{/* +Create a default fully qualified job name for init-sql. +Due to the job only being allowed to run once, we add the chart revision so helm +upgrades don't cause errors trying to create the already ran job. +Due to the helm delete not cleaning up these jobs, we add a random value to +reduce collisions. +*/}} +{{- define "init-sql.jobname" -}} +{{- $name := include "init-sql.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- $rand := randAlphaNum 3 | lower }} +{{- printf "%s-%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/diracx/templates/deployment.yaml b/diracx/templates/deployment.yaml index cb3f42b..fc2bf7c 100644 --- a/diracx/templates/deployment.yaml +++ b/diracx/templates/deployment.yaml @@ -76,26 +76,6 @@ spec: {{- end }} initContainers: - {{- if .Values.diracx.manageSQLSchema.enabled }} - - name: create-sql-db-schema - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - command: ["bash", "/entrypoint.sh"] - args: ["python", "-m", "diracx.db", "init-sql"] - volumeMounts: {{ toYaml $commonVolumeMounts | nindent 10 }} - {{- if .Values.mysql.enabled }} - env: - {{- range $dbName := .Values.diracx.mysqlDatabases }} - - name: DIRACX_DB_URL_{{ $dbName | upper }} - valueFrom: - secretKeyRef: - name: diracx-sql-root-connection-urls - key: DIRACX_DB_URL_{{ $dbName | upper }} - {{- end }} - {{- end }} - envFrom: - - secretRef: - name: diracx-init-mysql-secrets - {{- end }} {{- if .Values.diracx.manageOSIndices }} - name: create-os-db-indices image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/diracx/templates/init-sql/_init-sql.sh.tpl b/diracx/templates/init-sql/_init-sql.sh.tpl new file mode 100644 index 0000000..098c74f --- /dev/null +++ b/diracx/templates/init-sql/_init-sql.sh.tpl @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +set -euo pipefail +IFS=$'\n\t' + +python -m diracx.db init-sql diff --git a/diracx/templates/init-sql/configmap.yaml b/diracx/templates/init-sql/configmap.yaml new file mode 100644 index 0000000..adef34e --- /dev/null +++ b/diracx/templates/init-sql/configmap.yaml @@ -0,0 +1,15 @@ +{{- $initSQLValues := index .Values "init-sql" "enabled" -}} +{{- if $initSQLValues -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "init-sql.fullname" . }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,pre-upgrade + "helm.sh/hook-weight": "-3" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +data: + init-sql: | + {{- include (print $.Template.BasePath "/init-sql/_init-sql.sh.tpl") . | nindent 4 }} +{{- end -}} diff --git a/diracx/templates/init-sql/job.yaml b/diracx/templates/init-sql/job.yaml new file mode 100644 index 0000000..8722db1 --- /dev/null +++ b/diracx/templates/init-sql/job.yaml @@ -0,0 +1,82 @@ +{{- $initSQLValues := index .Values "init-sql" -}} +{{- if $initSQLValues.enabled }} + +{{/* Define common volume mounts for reusability */}} +{{- $commonVolumeMounts := list }} +{{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/entrypoint.sh" "name" "container-entrypoint" "subPath" "entrypoint.sh") }} +{{- if and .Values.developer.enabled .Values.developer.enableCoverage }} +{{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/diracx-coveragerc" "name" "container-entrypoint" "subPath" "coveragerc") }} +{{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" "/coverage-reports" "name" "coverage-data" "readOnly" false) }} +{{- end }} +{{- if and .Values.developer.enabled .Values.developer.modulesToEditableInstall }} +{{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" .Values.developer.sourcePath "name" "diracx-code-mount" "readOnly" true) }} +{{- range $module := .Values.developer.modulesToEditableInstall }} +{{- $commonVolumeMounts = append $commonVolumeMounts (dict "mountPath" (printf "%s/%s/src/%s.egg-info" $.Values.developer.sourcePath $module $module) "name" (printf "%s-editable-install" (lower $module)) "readOnly" false) }} +{{- end }} +{{- end }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "init-sql.jobname" . }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +spec: + template: + metadata: + annotations: + {{- range $key, $value := $initSQLValues.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + restartPolicy: Never + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/bash", "/entrypoint.sh"] + args: ["/bin/bash", "/scripts/init-sql"] + volumeMounts: + {{ toYaml $commonVolumeMounts | nindent 12 }} + - name: scripts + mountPath: /scripts + {{- if .Values.mysql.enabled }} + env: + {{- range $dbName := .Values.diracx.mysqlDatabases }} + - name: DIRACX_DB_URL_{{ $dbName | upper }} + valueFrom: + secretKeyRef: + name: diracx-sql-root-connection-urls + key: DIRACX_DB_URL_{{ $dbName | upper }} + {{- end }} + {{- end }} + envFrom: + - secretRef: + name: diracx-init-mysql-secrets + resources: + {{- toYaml $initSQLValues.resources | nindent 12 }} + volumes: + - name: scripts + configMap: + name: {{ template "init-sql.fullname" . }} + {{- if and .Values.developer.enabled .Values.developer.modulesToEditableInstall }} + - name: diracx-code-mount + persistentVolumeClaim: + claimName: pvc-diracx-code + {{- range $module := .Values.developer.modulesToEditableInstall }} + - name: {{ lower $module }}-editable-install + empty-dir: + sizeLimit: 5Mi + {{- end }} + {{- end }} + - name: container-entrypoint + configMap: + name: diracx-container-entrypoint + {{- if and .Values.developer.enabled .Values.developer.enableCoverage }} + - name: coverage-data + persistentVolumeClaim: + claimName: pvc-coverage + {{- end }} +{{- end }} diff --git a/diracx/templates/secrets.yaml b/diracx/templates/secrets.yaml index 888764b..ced7fcb 100644 --- a/diracx/templates/secrets.yaml +++ b/diracx/templates/secrets.yaml @@ -10,13 +10,13 @@ stringData: {{- end }} {{- end }} --- -{{- if .Values.diracx.manageSQLSchema.enabled }} +{{- if index .Values "init-sql" "enabled" }} apiVersion: v1 kind: Secret metadata: name: diracx-init-mysql-secrets stringData: -{{ .Values.diracx.manageSQLSchema.env | toYaml | indent 2 }} +{{ (index .Values "init-sql" "env") | toYaml | indent 2 }} --- {{- end }} {{- if .Values.diracx.manageOSIndices }} diff --git a/diracx/values.yaml b/diracx/values.yaml index c142ff6..5b14875 100644 --- a/diracx/values.yaml +++ b/diracx/values.yaml @@ -62,6 +62,10 @@ init-secrets: create: true name: # Specify a pre-existing ServiceAccount name +init-sql: + # Should DiracX include an init container which manages the SQL DB schema? + enabled: true + env: {} developer: enabled: true @@ -85,10 +89,6 @@ diracx: DIRACX_CONFIG_BACKEND_URL: "git+file:///cs_store/initialRepo" DIRACX_SERVICE_AUTH_TOKEN_KEY: "file:///signing-key/rsa256.key" DIRACX_SERVICE_AUTH_ALLOWED_REDIRECTS: '["http://anything:8000/docs/oauth2-redirect"]' - # Should DiracX include an init container which manages the SQL DB schema? - manageSQLSchema: - enabled: true - env: {} # Should DiracX include an init container which manages the OS DB indices? manageOSIndices: true # Which DiracX MySQL DBs are used?